CVE-2024-12426

Medium CVSS: 6.7

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.

URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.

This issue affects LibreOffice: from 24.8 before < 24.8.4.

Vendor

Libreoffice

Product

Libreoffice

CWE

CWE-200

Yayın Tarihi

2025-01-07 13:15:07

Güncelleme

2025-12-08 18:35:10

Source Identifier

security@documentfoundation.org

KEV Date Added

Kategoriler

CWE-200 Libreoffice MEDIUM Libreoffice 2025

Referanslar

https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426 https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html

Benzer Kayıtlar

Low

CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the T…

Low

CVE-2025-2866

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper…

Medium

CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with…

High

CVE-2025-1080

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An addit…

High

CVE-2025-0514

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targ…

Low

CVE-2024-12425

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation…